LinkedIn warns company over “Hack In” tool that shows email addresses

LinkedIn is urging people to stay away from Sell Hack, a sinister-sounding service that reveals the personal email address of anyone with a profile on the professional network. LinkedIn is warning that the service’s “Hack In” tool uploads confidential information, and says it has sent Sell Hack a cease-and-desist letter. [Update: in a blog post, Sell Hack says it has disabled the button]

Sell Hack is marketing the “Hack In” button to salespeople looking to reach new prospects. The company’s website claims that people who install its plug-in will be able to use the button to view the email contact of LinkedIn members with whom they’re not connected, such as LinkedIn CEO Jeff Weiner:

The tool apparently works. Yahoo Tech, which first reported the story, posted screenshots of the “Hack In” button to show how it was easy to obtain the personal email of the “Princeton Mom.”

LinkedIn is not impressed. In an email statement, a spokesperson said the company sent Sell Hack a legal warning over “several violations.” It also cautioned its users:

We advise LinkedIn members to protect themselves and to use caution before downloading any third-party extension or app. Often times, as with the Sell Hack case, extensions can upload your private LinkedIn information without your explicit consent.

That’s not bad advice considering that little good comes out of installing mystery plug-ins, but one has to wonder what the heck is going on beyond LinkedIn’s curtain in the first place. As Emil Protalinski put it, “this type of trickery shouldn’t be possible in the first place.” It’s hard to imagine such stunts would be possible at Facebook or Google.

In a follow-up message, LinkedIn stated: “Sell Hack is not the result of a security breach, bug or vulnerability. No member data has been put at risk as a result of Sell Hack. LinkedIn is doing everything it can to shut Sell Hack down.”

Recall that LinkedIn is also facing a class action for allegedly “breaking into” user emails, and is also beating off another mysterious company that is using bots to steal its user profiles. Perhaps it’s time for the company to devote a little more time to security, instead of bombarding users with “endorsement” opportunities.

This story was updated at 11:55pmET to include LinkedIn’s further comment.